What Your Workplace Violence Assessment May Be Missing

The Occupational Safety and Health Act (OSH Act) is the principal statutory federal law that obligates companies across the U.S. to assess their places of work to make sure they are free from hazards, like violent attacks. But the OSH Act only relates to employees, so if your workplace assessment stops there, you may be missing a component of your risk. The general common law duty of care extends to protecting and warning others in your workplace, not just employees. This means your possible responsibilities applicable to the duty also merit consideration when you assess risk of workplace violence.

By Noah Webster, Divisional Counsel, AtHoc, Inc. and BBM at BlackBerry. As seen originally in Law360 and reposted on the AtHoc blog.

Cost of Workplace Violence

The cost of violence at work is high. Though reported rates of violence are down from the mid-1990s, personal cost in loss of life and injury is high for everyone involved. Data from 2002 to 2011 showed an annual average of around 1.3 million violent workplace crimes. Workplace crimes in 2011 involving rape or sexual assault, other forms of assault, and robbery had a private-sector rate of 5.2 violent victimizations per 1,000 employees age 16 or older and government-sector rate of incidents at 18.0 per 1,000. The Columbine shooting of 1999 and the April 2007 Virginia Tech shooting brings to light both issues of liability and associated costs; the monetary cost can be staggering. As an example of a case where litigation is complete and costs tabulated, the Virginia Tech shooting cost the university $38 million. Additional potential costs can include reputation damage from widespread negative publicity that may take years to recover from.

Duty to Protect and Warn

As an exception to the common law rule that there is no liability for failing to warn or protect others, an employer or landowner defendant generally has a duty of care obligation, where it has a special relationship with another, to warn or protect against foreseeable criminal conduct. A defendant may have such a special relationship with an employee, contractor, supplier, and leased or contingent worker, customer, passenger, tenant, student or invited guest. What constitutes a “foreseeable” crime varies among jurisdictions, but it often includes what is “known” or “reasonably foreseeable.” The Colorado court that decided the Columbine case described foreseeability as “whatever is likely enough in the setting of modern life that a reasonably thoughtful person would take account of it in guiding practical conduct.” Similar to other courts, it articulated a common-sense approach that relied on the circumstances surrounding the case. This often means that a crime is foreseeable when it is connected to past similar crimes near in time or location committed by the same person or others, or when the crime has been threatened.

Courts construe the obligation to protect and warn narrowly, keeping it an exception. This relates to the inequity of holding a defendant, innocent of the underlying crime, responsible for random violence caused by another. This is shown by rulings of no liability across cases, including high-visibility ones such as the ones related to Virginia Tech and Columbine. Courts will also add requirements to limit scope. As an example, a court in one state will look for a “known or reasonably foreseeable” crime when litigation is between an employer and employee, but will require the criminal conduct to also have “imminent probability of harm” when the special relationship is not considered as close.

Commonly within tort law, the expectation for a defendant to act increases in proportion to the increased “apparent likelihood” and “gravity of the possible harm.” Thus circumstances shape what the law requires of a defendant when it has a duty to warn or protect. Although there is no one-size-fits-all set of requirements, cases about the duty provide an indication of what precautions are expected:

Recognize and manage hostile behavior. The allegations in the Virginia Tech and Columbine cases related to a failure to react properly to violent attacks. A set of crisis management procedures, carefully prepared for your circumstances and then communicated to your employees, can prepare your workforce to react properly in a crisis.

Maintain physical security. Suggestions for precautions discussed in cases include having a security team, surveillance cameras, and door locks and other access controls.

Carefully manage employees. Many cases have been about whether a defendant is responsible for an employee’s violent crime, where it failed to protect against the employee in view of known past violent or bad behavior. Steps to address employee violence include the implementation of a policy against workplace violence and crisis management procedures.

Keep in mind, state statutory law can change your liability under particular circumstances. Florida for example has enacted a law that provides a presumption against convenience business liability for criminal acts of another, where certain physical security steps have been taken and employee training have been implemented.

OSHA Required Workplace Risk Assessments

Statutory safety and violence prevention laws require a workplace risk assessment. Under the OSH Act, employers have a general duty to maintain a workplace that is “free from recognized hazards that are causing or are likely to cause death or serious physical harm to [its] employees,” including temporary workers. Conducting worksite risk assessments is a key element to an effective program under the OSH Act against workplace violence. An OSH Act assessment “involves a mutual step-by-step assessment of the workplace to find existing or potential hazards that may lead to incidents of workplace violence.” Maintaining a safe workplace under the OSH Act requires the same types of precautions identified as important in duty of care cases for preventing violence.

Including Duty to Protect or Warn in Workplace Risk Assessments

The duty to warn or protect does not include risk assessment as an element. But assessing your workplace to identify existing or potential hazards that concern the duty – how you might be liable and how you can warn or protect those you have special relationships with – is worthwhile for the following reasons:

Address a Source of Risk: Conducting an OSH Act-only review of your workplace is not enough, because the contours of your duty to protect or warn risk can be meaningfully different. The OSH Act only relates to employees, while the duty relates to the additional special relationships. The different groups might be exposed to different risk when with you, which you will only learn by assessing risk for each. For example, in a department store parking garage an employee may sit in a secure, well-lit booth while the customer walks through a poorly lit parking section. In this example, the customer could be considered to be under greater risk of violence as they search for their car unattended than the employee that is able to observe suspicious activity from a secure location.

That a court may construe the duty narrowly and that no assessment is directly required, does not make less important the need to account for your duty to protect or warn obligations when assessing your risk. Litigation attorneys’ fees and costs and other costs for a failure to warn or protect case pose substantial risk even if you win. Though it ultimately prevailed in its duty to warn case, Virginia Tech paid just under $5 million in “legal and data retention costs.” This – and loss of life – is what you can avoid by conducting a thorough workplace assessment.

Obtain Full Benefit from Work You Are Doing Anyway: A process for conducting an OSH Act assessment can flow into a broader assessment inclusive of the duty of care. The OSH Act assessment process is well developed, and materials for use such as FAQs, guidance, training, industry-specific assessment checklists and more are made publicly available. Extending this process to address the dimension of risk associated with duty of care is more efficient than starting from scratch — in many respects, this can be done by following the same steps and answering the same questions with consideration for your special relationships other than employees.

Furthermore by identifying the additional risks applicable to the duty to warn and protect, you can select mitigation options that cover the broader range of your obligations, making the most efficient use of resources. Consider this simplistic example: it is effective for a convenience store in Florida to implement a precaution that serves to make its workplace safe as required by OSHA, as well as that provides it the statutory state law presumption against duty of care liability. Take advantage of what you are already doing for employees, and check that the precautions also protect your customers and other special relationships.

Conclusion

By preparing your business based on a broadly scoped workplace review that incudes duty of care, you prepare yourself for the hazard of a sudden violent attack. What you need to do will depend on circumstances at the time – and you will be ready.

The views expressed on any corporate or individual's personal website or any Twitter account are not necessarily those of BlackBerry. The user's Twitter account and/or personal website, any corporate website, or any comments contained on any of the foregoing have not been reviewed by BlackBerry and do not constitute an endorsement by BlackBerry.